| Summary: | Incorrect format of Vault keys in standalone.xml for overlord-jaxrs login module | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Fuse Service Works 6 | Reporter: | Eric Wittmann <eric.wittmann> |
| Component: | Installer | Assignee: | Thomas Hauser <thauser> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Len DiMaggio <ldimaggi> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.0.0 GA | CC: | atangrin, kconner, soa-p-jira |
| Target Milestone: | ER7 | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This should certainly be fixed in ER7-2. Verified in ER7-2
grep keystorePassword standalone.xml
<module-option name="keystorePassword" value="${VAULT::vault::saml-keystore.password::1}"/>
grep keyPassword standalone.xml
<module-option name="keyPassword" value="${VAULT::overlord::overlord-alias.password::1}"/>
|
Description of problem: Build 27 of the ER7 installer incorrectly configures the standalone.xml file with respect to the overlord-jaxrs login module. The current markup is this: <security-domain name="overlord-jaxrs" cache-type="default"> <authentication> <login-module code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule" flag="sufficient"> <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/> <module-option name="signatureRequired" value="true"/> <module-option name="keystorePath" value="${jboss.server.config.dir}/overlord-saml.keystore"/> <module-option name="keystorePassword" value="VAULT::vault::saml-keystore.password::1"/> <module-option name="keyAlias" value="overlord"/> <module-option name="keyPassword" value="VAULT::overlord::overlord-alias.password::1"/> </login-module> <login-module code="RealmDirect" flag="required"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> </authentication> </security-domain> The values for "keystorePassword" and "keyPassword" are missing the surrounding ${}. So they *should* be: <module-option name="keystorePassword" value="${VAULT::vault::saml-keystore.password::1}"/> <module-option name="keyPassword" value="${VAULT::overlord::overlord-alias.password::1}"/>